'STEP 2 - Loading it in the process
'This is where it gets a little interesting....
'Just throwing our Dll into the process isn't going to do shit unless you
'Load it into the process address using LoadLibrary. The LoadLibrary function
'maps the specified executable module into the address space of the
'calling process. You call LoadLibrary by using CreateRemoteThread to
'create a thread(no shit) that runs in the address space of another process.
'First we find the LoadLibrary API function and store it
LibAddress = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA")
If LibAddress = 0 Then Form1.Label1.Caption = "Can't find LoadLibrary API from kernel32.dll": Exit Function
'Next, the part that took me damn near 2 hours to figure out - using CreateRemoteThread
'We set a pointer to LoadLibrary(LibAddress) in our process, LoadLibrary then puts
'our Dll(DLLVirtLoc) into the process address. Easy enough right?
CreateThread = CreateRemoteThread(ProsH, vbNull, 0, LibAddress, DLLVirtLoc, 0, ThreadID)
'Exit here so the failure message is not overwritten by the success message
If CreateThread = 0 Then Form1.Label1.Caption = "Failed to Create Thread!": Exit Function
Form1.Label1.Caption = "Dll Injection Successful!"
End Function
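Because the remote thread's start address is LoadLibraryA itself, this pattern shows up in thread-creation telemetry. The following is an added example (not part of the original tutorial) that flags it in Sysmon Event ID 8 (CreateRemoteThread) records; the sample events, paths and allowlist entry are constructed for illustration.

```python
import ntpath  # parses Windows paths correctly on any OS

LOADLIBRARY_EXPORTS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}
LOADER_MODULES = {"kernel32.dll", "kernelbase.dll"}

# Constructed events; keys follow Sysmon Event ID 8 field names, values are made up.
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceProcessId": 4312, "SourceImage": r"C:\Users\demo\Desktop\Project1.exe",
     "TargetProcessId": 5120, "TargetImage": r"C:\Games\target.exe",
     "StartModule": r"C:\Windows\System32\kernel32.dll", "StartFunction": "LoadLibraryA"},
    {"EventID": 8, "SourceProcessId": 612, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetProcessId": 7008, "TargetImage": r"C:\Windows\System32\cmd.exe",
     "StartModule": r"C:\Windows\System32\kernel32.dll", "StartFunction": "CtrlRoutine"},
    {"EventID": 8, "SourceProcessId": 2044, "SourceImage": r"C:\Program Files\ExampleAV\agent.exe",
     "TargetProcessId": 5120, "TargetImage": r"C:\Games\target.exe",
     "StartModule": r"C:\Windows\System32\KERNEL32.DLL", "StartFunction": "LoadLibraryW"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe"},
]


def is_remote_loadlibrary(ev):
    """True when a thread created in another process starts at a LoadLibrary export."""
    if ev.get("EventID") != 8:
        return False
    if ev.get("SourceProcessId") == ev.get("TargetProcessId"):
        return False
    # Sysmon leaves StartModule/StartFunction empty when it cannot resolve them.
    module = ntpath.basename(ev.get("StartModule") or "").lower()
    function = (ev.get("StartFunction") or "").lower()
    return module in LOADER_MODULES and function in LOADLIBRARY_EXPORTS


def triage(events, allowed_sources=()):
    """Return (source, target, start function) for hits not on the allowlist."""
    allowed = {path.lower() for path in allowed_sources}
    hits = []
    for ev in events:
        if is_remote_loadlibrary(ev) and ev["SourceImage"].lower() not in allowed:
            hits.append((ev["SourceImage"], ev["TargetImage"], ev["StartFunction"]))
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS, [r"C:\Program Files\ExampleAV\agent.exe"]):
        print("remote LoadLibrary thread: %s -> %s (%s)" % hit)
```

Some legitimate software also starts remote threads at LoadLibrary, so the allowlist should hold full image paths of vetted sources rather than bare file names.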

In Module2 "modGetHProcExe", add the code:

'I DID NOT CREATE THIS MODULE! I'm in love with whoever did though
Public Const PROCESS_ALL_ACCESS As Long = &H1F0FFF

Private Type PROCESSENTRY32
    dwSize As Long
    cntUsage As Long
    th32ProcessID As Long
    th32DefaultHeapID As Long
    th32ModuleID As Long
    cntThreads As Long
    th32ParentProcessID As Long
    pcPriClassBase As Long
    dwFlags As Long
    szExeFile As String * 260
End Type

Public Function GetHProcExe(strExeName As String) As Long
Dim hSnap As Long
'Create a snapshot of all of the processes, and information
'about them (saving the handle so we can iterate through the
'processes)
hSnap = CreateToolhelpSnapshot(2, 0)